package com.liang.blog.security.shiro;

import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.servlet.Filter;
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * @Author：YanWenLiang
 * @Date:2023-08-17-17:14
 */
@Configuration
public class ShiroConfig {


    /**
     * 安全管理器
     * @param realm realm域
     * @return SecurityManager
     */
    @Bean("securityManager")
    public DefaultWebSecurityManager  securityManager(Realm realm) {
        //默认安全管理器
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(realm);
        //将自定义的realm交给安全管理器管理
        securityManager.setRealm(realm);
        //自定义session管理器
//        securityManager.setSessionManager(sessionManager());
//        //自定义缓存实现
//        securityManager.setCacheManager(cacheManager());
        return securityManager;
    }

    /**
     * shiro过滤器工厂
     * @param securityManager
     * @return
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilter(DefaultWebSecurityManager securityManager) {
        //shiro过滤器工厂
        ShiroFilterFactoryBean filterFactory = new ShiroFilterFactoryBean();
        //设置安全管理器
        filterFactory.setSecurityManager(securityManager);
        LinkedHashMap<String, Filter> filterMap = new LinkedHashMap<>();
        //自定义认证过滤器
        filterMap.put("auth",new BlogAuthenticationFilter());
        filterFactory.setFilters(filterMap);
        //设置过滤链
        Map<String, String> filterChainMap = new LinkedHashMap<>();
        //anon  游客即可访问
//        filterChainMap.put("/auth/login","anon");
//        filterChainMap.put("/auth/logout","anon");
//        filterChainMap.put("/user/**", "anon");
////        filterChainMap.put("/userInfo","anon");
        //authc 需经过验证才能访问  auth自定义的过滤策略
        filterChainMap.put("/**","anon");
        filterFactory.setFilterChainDefinitionMap(filterChainMap);

        return filterFactory;
    }

    /**
     * 开启shiro aop注解支持
     * @param securityManager
     * @return
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }

    @Bean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator(){
        DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
        advisorAutoProxyCreator.setProxyTargetClass(true);
        return advisorAutoProxyCreator;
    }


    // 3.创建⾃定义的realm
    @Bean
    public Realm getRealm() {
        BlogRealm customerRealm = new BlogRealm();
        // 修改凭证校验匹配器
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        hashedCredentialsMatcher.setHashAlgorithmName("MD5");
        hashedCredentialsMatcher.setHashIterations(1024);
        customerRealm.setCredentialsMatcher(hashedCredentialsMatcher);

//        // 开启缓存管理
//        customerRealm.setCachingEnabled(true);  // 开启全局缓存
//        customerRealm.setCacheManager(redisCacheManager);
//        customerRealm.setAuthenticationCachingEnabled(true); // 开启认证缓存
//        customerRealm.setAuthenticationCacheName("authenticationCache");
//        customerRealm.setAuthorizationCachingEnabled(true); // 开启授权缓存
//        customerRealm.setAuthorizationCacheName("authorizationCache");
        return customerRealm;
//        return null;
    }

}
